Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam
July 16, 2020 @ 13:52 +03:00
A number of high-profile Twitter accounts were simultaneously hacked on Wednesday by attackers who used the accounts — some with millions of followers — to spread a cryptocurrency scam.
Apple, Elon Musk and Joe Biden were among the accounts compromised in a broadly targeted hack that remained mysterious hours after taking place. Those accounts and many others posted a message promoting the address of a bitcoin wallet with the claim that the amount of any payments made to the address would be doubled and sent back — a known cryptocurrency scam technique.
In the hours following the initial scam posts, Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, YouTuber MrBeast, Wendy’s, Uber, CashApp and Mike Bloomberg also posted the cryptocurrency scam.
While we’re still learning more specifics about how the hack went down, we can report that the hacker leveraged an internal Twitter admin tool to gain access to the high-profile accounts. That reporting was soon confirmed by Twitter’s own account of what happened. On Wednesday evening, the company tweeted that “a coordinated social engineering attack” on employees gave a hacker “access to internal systems and tools.”
Before the scope of the incident became clear, the hack appeared to target cryptocurrency-focused accounts. In an initial wave of scam posts, @bitcoin, @ripple, @coindesk, @coinbase and @binance were hacked with the same message: “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a website.
The linked site was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received. Hacked accounts shifted to sharing multiple bitcoin wallet addresses as the incident went on, making things more difficult to track.
At first, it appeared that some of the compromised accounts were back under their owners’ control as tweets were quickly deleted. But then, Elon Musk’s account tweeted “hi” after his initial tweet with the scam was deleted. The “hi” tweet also disappeared.
As the issues continued, many verified Twitter users also reported being unable to tweet. Around 3:15 p.m. PT, the official Twitter Support account confirmed “[Users] may be unable to Tweet or reset your password while we review and address this incident.” By Wednesday evening, Twitter said that most tweeting should be back to normal but functionality “may come and go” as the company “continue[s] working on a fix.”
It became clear early on that this situation was not a case of a single account being compromised, as we’ve seen in the past, but something else altogether. Even Apple, a company known for robust security, somehow fell victim to the scheme.
Some Democratic political figures were also hacked as part of the cryptocurrency scam, including Barack Obama, Joe Biden and Mike Bloomberg. An official from the Biden campaign told TechCrunch that Twitter locked down the former vice president’s account “immediately” after it was compromised and the campaign remains in close contact with Twitter on the issue. At the time of writing, no accounts belonging to Republican politicians appear to have been hacked.
While the scope of Wednesday’s Twitter hack is unprecedented on the social network, the kinds of scams the hacked accounts promoted are common. Scammers take over high-profile Twitter accounts using breached or leaked passwords and post messages that encourage users to send their cryptocurrency funds to a particular address under the guise that they’ll double their “investment.” In reality, it’s simple theft, but it’s a scam that works.
The main blockchain address used on the scam site had already collected more than 12.5 bitcoin (some $116,000) and it’s going up by the minute.
Apple, Biden, Musk and other high-profile Twitter accounts hacked in crypto scam, TechCrunch, Jul 16